Mission Reliability Modeling for Equipment
System Based on the Operational Viewpoint of
DoDAF 2.0
Lin Shaoyang,
College of Information System and Management
National University of Defense Technology
Changsha, P. R. China
Wu Xiaoyue
College of Information System and Management
National University of Defense Technology
Changsha, P. R. China
Abstract—Currently, Department of Defense Architecture
Framework (DoDAF) 2.0 is widely used in many aspects of
the architecture-related modeling fields. Due to the highly
complex structure of architecture, its reliability became a
pivotal issue. However, DoDAF 2.0 is lack of a specific
viewpoint to model the reliability of the architecture. This
paper introduces an approach to deal with reliability
modeling method related missions posed by Equipment
System (ES), which is an obvious characterized architecture.
OV-1, OV-5a and OV-6c of DoDAF 2.0's operational
viewpoint are extracted and extended as the modeling
framework. Use case diagram, class diagram and sequence
diagram of Unified Modeling Language (UML) are picked
to present the products mentioned. The study also regulates
a series of standards for each extended product in detail, in
order to collect requisite reliability-related parameters for
further analysis and calculation. Later, the proposed model
is applied to an ES as an example to verify its availability.
Keywords-reliability modeling; equipment system; mission
reliability; equipment system; operational viewpoint; DoDAF
2.0
I. INTRODUCTION
Equipment System (ES) is made up of wide ranges of correlative and function-complementary equipment, which integrate into an organic integrity of diverse categories, structures and scales, according to the claim of optimal
placement and operational capability, thus making up a
large high-level system, namely System of Systems (SoS) or architecture.
Reliability is a key performance parameter in system design, so has become a basis factor affecting mission success [1]. Mission is the foundation of ES, since all member of ES are related with each other as a whole by
the same target — achieving the specific destination.
Mission reliability refers to the probability that a system will perform its specified mission in its mission section [2]. Therein, mission section is the profile to the events and time sequence the mission has to follow. Mission reliability reflects the ability of fulfilling the task successfully, thus playing a big part in ES operational effectiveness.
On the basis of multi-view method, Architecture Framework (AF) provides a collection of normalized modeling process and description method, which standardizes the contents contained to ensure the unified understanding and comparing principal from all stakeholders [3]. Currently DoDAF 2.0 of U.S. is often adopted as descriptive model in military field [4-6]. Nonetheless, no specialized reliability modeling viewpoint or product arises in DoDAF 2.0.
Several reliability modeling methods have been used in the mission reliability analysis. Fault tree analysis is suitable in describing non-repairable systems in [7–9], but its limitations become apparent when conducted to quantitative issues. Bayesian Networks were developed as a logic graphical representation [10–11], and it has shown its agile computation efficiency. This approach is also applied in the proposed methodology. Later, state-space models, namely Markov chains and Petri nets, appear as main methods for analyzing system's dynamic reliability [12-14]. However, it has the state space growth explosion problem.
Yet, methods mentioned above show weakness on describing ES, since ES usually has great amount of units of different levels and complicated logical relations. On the other hand, product sets of DoDAF 2.0 do not supply all sufficient data for ES reliability analysis. In the paper, we propose a reliability modeling framework based on the operational viewpoint of DoDAF 2.0, viewing to probe into a reliability modeling framework to ES.
For the rest of the paper, section II introduces DoDAF 2.0 and its operational viewpoint. Section III demonstrates the processed reliability modeling product set and its UML description in detail. Section IV describes the application of this approach to an ES as a case study. Section V summarizes the paper and gives a perspective to further research.
II. DODAF 2.0 AND ITS OPERATIONAL VIEWPOINT
DoDAF 2.0 is a graphical and tabular description for SoS. It provides general guidance for development, usage and management of DoD architectures with an emphasis on interoperability and integration between constituent
International Conference on Logistics Engineering, Management and Computer Science (LEMCS 2014)
© 2014. The authors - Published by Atlantis Press 802
systems in SoS [15]. In total, 8 viewpoints and 52 products are built in DoDAF 2.0.
Viewpoint replaces "view" of antecedent versions, in order to coordinate with ISO. These viewpoints are further classified for describing the overarching aspects for every viewpoint (All Viewpoint, AV), requirements and deployments (Capability Viewpoint, CV), data relationships and alignment structure (Data and Information Viewpoint, DIV), operation scenarios and activities (Operational Viewpoint, OV), relationships between OV&CV and projects being implemented (Project Viewpoint, PV), performers, activities services and their exchanges (Service Viewpoint, SvcV), applicable principals (Standard Viewpoint, StdV), and the composition, interconnectivity and context (System
Viewpoint, SV),as Fig.1 demonstrating. Each of these
views has a well-defined product set in accordance with different perspectives.
The DoDAF 2.0 viewpoints reside in a presentation layer, underlying which there is a data layer where defining attributes and relationships of the architecture can be documented [16]. There is a natural and straight correspondence between AF and UML [3]. Additionally, DoDAF 2.0 formalism is increasingly being supported by other commercially available architecting tools, in which documents, sheets, matrices and such structured presentations are employed to narrow development cycle, e.g. DOORs of Telelogic, Requisite Pro of Rational and Caliber RM of Borland. One of the advantages UML possesses is that not only does it allow capturing DoDAF 2.0's data layer but also supports modeling and simulation on purpose of verification.
OV describes the missions and activities, operational elements, and resource flow exchanges required to conduct operations [16]. OV is adept at tracing system's dynamic behaviors and transformation, and just such character makes it quiet suitable for modeling ES mission reliability. OV has 9 products in total, involved capturing organization relationships, resource flows, state transition and other architecture's characters. For mission reliability modeling, this paper provides a tailored product set, including OV-1, OV-5a and OV-6c to model ES's mission reliability, and it would be elaborately discussed in next section.
Figure 1. DoDAF 2.0 eight viewpoints.
III. MISSION RELIABILITY MODEL UNDER OV
Product Set
The clipped product set of ES mission reliability model is shown in Fig. 1.
OV-1 aims at describing the contents and processes of the mission(s) that ES has to fulfill. Graph of jpg is recommended as the storage format. Its visualized
representation enables further reliability modeling, meanwhile offering information particularly concerned by high-level decision makers during their decision process. OV-1's contents depend on the unique objective and application of specific ES. In general, it may involve operation processes, organization hierarchy, geographical distribution and operational expectations including what missions will emerge, which unit(s) will undertake, what sequences should be complied with et al, and also the interaction with external environment and systems. The links between two elements are suggested but not limited as one of the follows:
Control: Control link from A to B means B's activity is managed by A's instructions.
TrackInfo: TrackInfo link represents the information flow movements.
Assistance: Assistance link from A to B indicates that if B gets failed, A would make up.
Affirm: Affrim link reports the lower equipment's being- state and attack-complete state from lower level to the command center.
The relationships of the elements on the diagram sometimes convey their relative position, although this is not specifically captured in the semantics. Since each ES differs, we do not set specific rules for OV-1.
OV-5a is a newly created product in DoDAF 2.0, in order to describe mission constituents and their hierarchical structure. Through the decomposition it can be cleared that the duty each mission should accomplish and unnecessary redundancy that can be eliminated. Thus the model could be simplified and efficiency may be improved as well. To clarify the affect that lower-level failure brought about to higher missions, logic connections are introduced into OV-5a. Currently 'AND' gate and 'OR' gate are mainly considered. They can be defined as follows.
Def. 1 AND gate: Only when all nodes under AND gate succeed does mission above the gate succeed, as Fig. 2(a).
Def. 2 OR gate: As long as at least one of the nodes under OR gate succeeds will mission above the gate succeed, as Fig. 2(b).
OV-6c depicts the sequence and information exchanges between phases. Through constant refining to the mission process, execution order and rules would be gradually precise and accurate. UML sequence diagram is adopted as representation standard. Sequence division is consistent with divided layered graph of OV-5a. On top of the graph is ES' object, accompanied by its relevant lifeline. Specific time points are labeled on left of the lifeline labels. Bars on the lifeline stand for its duration time. Solid arrow line is message transiting between objects.
In each phase's sequence diagram, time propels in terms of lifeline. In reality, lifeline is finite and does not fit for long-time phase. Thus object's lifeline should be regulated in more details. As Fig. 3 shows, on left of the object A's lifeline, t11 represents A's start time and similarly t12 end time, while t21 is the time message 1 from another object arrives. t22 on the right indicates message 2 leaving time.
803
A N D
P
1
P
2
A
O R
P
1
P
2
B
Figure 2. (a) AND gate example. (b) OR gate example
message 2
O bject A
t11
t12
t22
message 1
t21
Figure 3. OV-5a UML sequence diagram representation
IV. UML DEFINITION
a. OV-5a UML normalization OV-5a describes the operations that are normally
conducted in the different nodes. The extended use-case and class diagram provides a means of breaking down activities to lower level activities as well as indicating the nodes that perform the activities. It includes node, activity, link and logic relation. Their normalized data definition is shown in table 2 (a)-(d).
b. OV-5a UML normalization The OV-6c is used to define time based behavioral
scenarios between operational elements. The interactions can be service operations as well as the interactions defined on OV-5a diagrams. There are three types of elements in OV-6c: node, lifeline and message transit. Therein, node data definition is the same as OV-5a. Lifeline can be potentially described by the messageArrivingTime and messageLeavingTime attributes of message transit. Table 3 illustrates the data definition for message transit.
TABLE I. ES MISSION RELIABILITY MODEL
Nu
m.
Product name Function Type
1 High-Level Operational
Concept Graphic
(OV-1)
Establish mission scenario on the whole; point out the units
that need to be modeled
Graph in jpg
2 Operational
Activity
Decomposition
Tree(OV-5a)
Describe the hierarchical and
interacted relations between
missions and their sub nodes
UML
use-case
and class diagram
3 Event-Trace
Description
(OV-6c)
Reflect timely states and the
process ES propels forward
UML
sequence diagram
TABLE II. (A) DATA DEFINITION FOR NODE
Attributes Explanation Data
Type
Remarks
nodeName nominate the node string
nodeId identify the unique node int
location longitude and latitude coordinate
array
ofActivity
point out the higher level
activity ID of the node belonging to
int
linkIn link-arriving nodes' ID int
linkTo link-departure nodes' ID int
prerequisit
e
according to the logic
relation and system design, whether the nodes would
happen
boolean 0:happen
1: does not happen
successProbability
possibility of success based on statistical result
double
startTime when to start time unified with
time def. of
OV-6c endTime when to end time
TABLE II (B) DATA DEFINITION FOR ACTIVITY
Attributes Explanation Data
Type Remarks
activityName
nominate the activity string
activityId identify the unique
activity int
nodeContained
pointed out the node ID it contains
array
activityDes
cription
explain the operational
objective and mission
success standards in detail
text
successRul
es
an expression to judge
whether the activity succeed
string
extract by
regular expression later
TABLE II (C)DATA DEFINITION FOR LINK
Attributes Explanation Data
Type
linkName nominate the link string
linkId identify the unique link int
linkFromNo
de
the node where link
begins int
linkToNode the node where link
ends int
TABLE II (D)DATA DEFINITION FOR LOGIC RELATION
Attributes Explanation Data
Type Remarks
logicRelationType
distinct it is
AND gate or
OR gate
boolean 0: AND gate 1: OR gate
numberOfNod
eContained
how many nodes are
under the gate
int
nodeContained its containing node's nodeId
array
upperActivityI
d
the activity the
nodes belong int
judgementRes
ult
store the
calculation result
double
according to the combination of activity
successRules and gate
logic
TABLE III. (A) DATA DEFINITION MESSAGE TRANSIT
Attributes Explanation Data
Type Remarks
messageTy
pe
same as the definition of
link in OV-1 int
Control: 1
TrackInfo: 2
Assistance: 3 Affirm:4
messageId identify the unique
message int
messageFrom
the nodeId of where the message is generated
int
messageTo the nodeId of where the
message reaches int
messageArrivingTime
the time when the node gets the message
time
messageLe
avingTime
the time when the node
sends out the message time
804
V. CASE STUDY
An ES is presented in this part as a detailed illustration to the proposed model. The system basically consists of five parts: Ground Based Interceptor (GBI), X band Ground Based Rader (GBR), Battle Management and Command, Control & Communications (BM/C
3) system,
Upgraded Early Warning Radar (UEWR), and Defense Support Program/Space-Based Infrared System (DSP/SBIRS) [17].
GBI is an up-to-date kinetic energy antipersonnel weapon intercepting ballistic missile warheads in its midcourse outside the atmosphere and destroying it through straightly impact. Traditional GBI consists of Exoatmospheric Kill Vehicle (EKV) and two booster rockets.
GBR is X band phased array radar, and it is the main fire control radar of the system, deployed at the same place with GBI. It mainly involves surveillance, capture, trace, identification, fire control assistance and damage evaluation.
BM/C3
is the brain of system, connecting all constituent systems organically. It mainly involves in receiving data from each detector to analyze the striking missile's parameters (like speed, trajectory, point of fall et. al), calculating "sweet point", directing UEWR and GBR to trace and capture the target, giving launch orders to GBI, offering revised target information to the flying interceptor, evaluation intercepting effect, and so on. BM/C
3 is also
deployed with GBI and GBR. UWER is upgraded phased array radar used to detect
and track ballistic missile and provide early warnings. It detects and traces ballistic missile initial flight and provides GBR rough azimuth information. DSP supplies early warnings for the system. Via merging data from two or more DSPs, ballistic trajectory can be forecasted. Furthermore, compared with foregone missiles' infrared characteristics, the ballistic version can be confirmed. Currently, DSP is gradually replaced by SBIRS, which consists of two kinds satellites: Lower Earth Orbit (LEO) and High Earth Orbit (HEO). Highly flexible infrared sensor technique of HEO conveys strategy, the launch and flight of theatre ballistic missile, global theatre infrared data and processed intelligence. LEO satellites are equipped with two kind sensors: the capture one is to observe flame during the rocket launch phase; the other trace one could keep in track with the locked target from its midcourse until back into the atmosphere.
Fig. 4 is the OV-1 model of the system. Substantially the system functions in such procedures:
1: Early warning phase 1) DSP/SBIRS detects the booster's plume when the
striking ballistic missiles launches, and traces until its booster rocker turning off. Via repeater satellite or earth station, DSP/SBIRS sends trackinfo back to BM/C
3 for
predicting the striking missile's incoming direction as well as impact area. Pertinent data would also be sent to UEWR.
2) After gets information of ballistic position, UEWR will search and detect associative airspace to trace the striking missile. When discovering missile warhead, it will track robustly and send trackinfo to BM/C
3.
2: Interception decision phase
1) BM/C3 formulates operations management plan,
including intercepting pattern, interceptor quantity, calculating effective acting distance, thus preliminarily ascertaining GBI's launch direction and moment. Meanwhile BM/C
3 should send control information to
GBI and receive affirm to get its authorization. 2) BM/C
3 sends trackinfo got from UEWR to GBR to
guide its search. Through detecting and tracing ballistic warhead, GBR would retrieve more precise information for BM/C
3 decision. Meanwhile, GBR would generate
warhead image by sufficient data it has collected. 3) BM/C
3 conducts target identification and threat
evaluation to verify the warhead version, the trajectory and the impact point. On this basis, interception decision about GBI's launch moment and estimated interception point is made. When the accuracy of the estimated interception point is within the appointed scope (20km), BM/C
3 would give GBI launching orders targeting on the
estimated interception point.
3:Interception implementation phase
1) As soon as receiving orders, GBI launches immediately. After that, GBR precisely tracks GBI and warhead, returns revised objective data back to BM/C
3 to
update GBI's flight. 2) When GBI reaches the estimated airspace, EKV
separates with the booster rocket. Then EKV compares the target information detected with former images provided by GBR to verify and target objective, thus destroying it through straight collision.
4: Interception effectiveness evaluation
1) During the GBI collision, GBR collects interception data sending back to BM/C
3.
2) BM/C3 evaluated the interception effectiveness. If
failed, BM/C3 has to decide whether to conduct a second
interception. According to the procedure, its operational activities
decomposition can be depicted like Fig. 5(a). Furthermore, Fig. 5(b) shows the class diagram for the case "EKV attack". On purpose of saving space, some of the class attribute values and operations have been omitted. For the proposed model of OV-6c, the above mentioned interception decision phase is hired as an example, and it is shown in Fig. 6.
VI. CONCLUSION
DoDAF 2.0 is a rife model framework for ES. The paper proposes a mission reliability modeling method based on the operational viewpoint of DoDAF 2.0 and illustrates the UML normalization. An ES is an example of highly complex and adaptive ES characterized by a loosely coupled federation of constituent systems. The proposed model succeeds in describing ES reliability structure, proving the methods validity. For further research, transition mechanism between OV-5a and OV-5b can be investigated in terms of enriching the product set and heterogeneous representation. Besides, UML entities can be enlarged for more abundant and convenient details. More importantly, system view's product can also be used on mission reliability modeling.
ACKNOWLEDGMENT
The paper is partly supported by National Natural Science Foundation of China under grant no. 71071159.
805
Figure 4. OV-1 model
D S P /S B IR S
detect plum e
trace m issile
store data
send info.
receive com m and
U EW R
search w arhead
G B I
G B R
B M /C 3
launch give orders
<extends>
<extends>
revise flight
separate boosters
E K V attack
<extends>
<extends>
<extends>
receive info.
calculate decide
generate im age
Figure 5. (a) OV-5a model
activityIDnodeContainedactivityDescriptionsuccessrules
E K VA ttack
nodeIdofActivitylinkInlinkToprerequisitesuccessProbabilitystartTimeendTime
E K V S eparatenodeIdofActivitylinkInlinkToprerequisitesuccessProbabilitystartTimeendTime
A ttackO rder
messageTypemessageIdmessageFrom: GBR, UEWRmessageArrivingTime
Flight P osition
E K V positioning
messageTypemessageIdmessageFrom: GBRmessageArrivingTime
R evised Flight
AND
messageTypemessageIdmessageFrommessageTomessageArrivingTimemessageLeavingTime
TargetVerification
AND
Figure 5. (b) OV-5a class diagram for the case "EKV attack"
U E W R G B RB M /C 3
1: controlAuthorization
G B I
6: launch decision order(position,time)
3: traceMessage
5: traceMessage
warhead image
4: traceMessage
2: affirm ation
Figure 6. OV-6c Sequence diagram for interception decision phase
REFERENCES
[1] Reliability primer for command, control, communications, computer, intelligence, surveillance, and reconnaisssance (C4ISR) facilities. available at: http: // www. usace. ary. mil /publications/ armytm/tm5-698-3/entire.pdf.2005a.
[2] Chul Kim, “Analysis for mission reliability of a combat tank,” IEEE Transactions on Reliability, vol. 38, no. 2, pp 242-245, 1989.
[3] Robert K. Garrett, Steve A., Neil T Baron, “Managing the interstitials, a system of systems framework suited for the ballistic missile defense system,” Systems Engineering, vol 14,no. 1, pp. 87-108,2011.
[4] Yang Kewei and Tan Yuejin, Architecture Requirements Technique and Method. Peking: Science Press, 2010.
[5] Shu Yu, Research on weapon equipment architecture modeling method and application based on the capability requirements, Ph.D. Dissertation, National University of Defense Technology, 2009.
[6] Jiang Zhiping, Research on architecture verification method and key technique for C4ISR system based on CADM, Ph.D. Dissertation, National University of Defense Technology, 2007.
[7] Bobbio A., Portinale L, “Improving the analysis of dependable systems by mapping fault trees into Bayesian networks,” Reliability Engineering & System Safety, vol. 71, no. 5, pp 249-260, 2001.
[8] Hichem Boudali, Joanne,Bechta Dugan, “Dynamic fault tree models for fault tolerant computer systems,” IEEE Transaction On Reliability, vol. 41, no. 3, pp 363-377, 1992.
[9] Huang Chin-Yu, Chang Yung-Ruei, “An improved decomposition scheme for assessing the reliability of embedded systems by using dynamic fault trees,” Reliability Engineering & System Safety, vol 92, no. 10, pp 1403-1412, 2007.
[10] Boudali H., Dugan J. B, “A discrete-time Bayesian network reliability modeling and analysis framework,” Reliability Engineering & System Safety, vol 87, no. 6, pp 337-349, 2005.
[11] Hichem Boudali, Joanne Bechta Dugan, “A continuous-time Bayesian network reliability modeling and analysis framework,” IEEE Transaction On Reliability, vol 55, no. 1, pp 34-41, 2006.
[12] Jau-Yeu Menq, Pan-Chio Tuan, “Discrete Markov ballistic missile defense system modeling,” European Journal of Operational Research, vol 178, no. 1, pp 560-578, 2007.
[13] Kim K, Park S, “Phased-mission system reliability under Markov environment,” IEEE Transaction On Reliability, vol 43, no. 5, pp 301-309, 1994.
[14] Abidin E.Olmez, “Mission centric reliability analysis of C4ISR architectures using petri net,” In Proceedings of IEEE International Conference on Systems, Man and Cybernetics, pp 587-592, 2003.
[15] Department of Defense Architecture Working Group, DoD Architecture Framework 2.0, Volume 2: Architecture and Models, available at: http://dodcio.defense.gov/Portals/0/Documents/DODAF/DoDAF_v2-02_web.pdf
[16] Biswas, A, Hayden, J, Phillips, MS, Bhasin, KB, Putt, C, & Sartwell, T, “Applying DoDAF to NASA orion mission communication and navigation architecture. In Proceedings of IEEE Aerospace Conference, pp 1-9, 2008.
[17] Wang Minle and Li Yong, Ballistic Missile Penetration Effectiveness Analysis. Peking: National Defense Industry Press, 2010.
806